What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2021-33022.

What is the severity rating of CVE-2021-33022?

CVE-2021-33022 has a severity rating of 7.5 (High).

Which Philips products are affected by CVE-2021-33022?

Philips Myvue, Philips Speech, Philips Vue Motion, and Philips Vue PACS versions 12.2.x.x and prior are affected by CVE-2021-33022.

Where can I find more information about CVE-2021-33022?

You can find more information about CVE-2021-33022 at the following references: [Philips Product Security](http://www.philips.com/productsecurity) and [CISA ICS Advisory](https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01).

Vulnerability/
CVE-2021-33022

high

7.5

CWE

319

1/4/2022

3/8/2024

CVE-2021-33022: Philips Vue PACS Cleartext Transmission of Sensitive Information

Q: How does CVE-2021-33022 impact affected products?

CVE-2021-33022 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

First published: Fri Apr 01 2022(Updated: )

Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Philips Myvue	<12.2.1.5
Philips Speech	<12.2.8.0
Philips Vue Motion	<12.2.1.5
Philips Vue PACS	<12.2.8.0

Remedy

Philips has released the following plans to address these vulnerabilities: Philips recommends configuring the Vue PACS environment per D000763414 – Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter. Philips released Version 12.2.8.0 in May of 2021 for Speech to remediate this issue and recommends contacting support. Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com) The Philips advisory is available. Please see the Philips product security website for the latest security information for Philips products.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-33022.
What is the severity rating of CVE-2021-33022?
CVE-2021-33022 has a severity rating of 7.5 (High).
Which Philips products are affected by CVE-2021-33022?
Philips Myvue, Philips Speech, Philips Vue Motion, and Philips Vue PACS versions 12.2.x.x and prior are affected by CVE-2021-33022.
How does CVE-2021-33022 impact affected products?
CVE-2021-33022 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Where can I find more information about CVE-2021-33022?
You can find more information about CVE-2021-33022 at the following references: [Philips Product Security](http://www.philips.com/productsecurity) and [CISA ICS Advisory](https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01).

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/author
agent/remedy
agent/severity
agent/title
agent/description
agent/first-publish-date
agent/event
agent/tags
vendor/philips
canonical/philips myvue
canonical/philips speech
canonical/philips vue motion
canonical/philips vue pacs

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.